Fetch all roles

bgeesaman · bgeesaman · commit cf62a963181e · 2025-06-06T13:21:56.000Z
diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json
diff --git a/roles/backupdr.backupUser b/roles/backupdr.backupUser
@@ -13,8 +13,6 @@
     "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
     "backupdr.backupPlanAssociations.updateForComputeDisk",
     "backupdr.backupPlanAssociations.updateForComputeInstance",
-    "backupdr.backupPlanRevisions.get",
-    "backupdr.backupPlanRevisions.list",
     "backupdr.backupPlans.get",
     "backupdr.backupPlans.list",
     "backupdr.backupPlans.useForComputeDisk",
diff --git a/roles/backupdr.serviceAgent b/roles/backupdr.serviceAgent
@@ -2,7 +2,6 @@
   "description": "Grants the Backup and DR Service access to discover and protect GCP resources.",
   "etag": "AA==",
   "includedPermissions": [
-    "alloydb.operations.get",
     "cloudsql.instances.get",
     "compute.addresses.list",
     "compute.addresses.use",
diff --git a/roles/chronicle.soarServiceAgent b/roles/chronicle.soarServiceAgent
@@ -9,12 +9,15 @@
     "cloudasset.assets.searchAllResources",
     "compute.firewalls.get",
     "compute.firewalls.update",
+    "compute.globalOperations.get",
     "compute.instances.deleteAccessConfig",
     "compute.instances.get",
     "compute.instances.list",
     "compute.instances.stop",
     "compute.instances.updateNetworkInterface",
     "compute.networks.updatePolicy",
+    "compute.regionOperations.get",
+    "compute.zoneOperations.get",
     "compute.zones.list",
     "iam.serviceAccounts.disable",
     "iam.serviceAccounts.list",
diff --git a/roles/clouddeploy.developer b/roles/clouddeploy.developer
@@ -29,6 +29,7 @@
     "clouddeploy.operations.list",
     "clouddeploy.releases.abandon",
     "clouddeploy.releases.create",
+    "clouddeploy.releases.delete",
     "clouddeploy.releases.get",
     "clouddeploy.releases.list",
     "clouddeploy.rollouts.get",
diff --git a/roles/clouddeploy.operator b/roles/clouddeploy.operator
@@ -38,6 +38,7 @@
     "clouddeploy.operations.list",
     "clouddeploy.releases.abandon",
     "clouddeploy.releases.create",
+    "clouddeploy.releases.delete",
     "clouddeploy.releases.get",
     "clouddeploy.releases.list",
     "clouddeploy.rollouts.advance",
diff --git a/roles/compliancescanning.serviceAgent b/roles/compliancescanning.serviceAgent
@@ -28,15 +28,12 @@
     "artifactregistry.tags.list",
     "artifactregistry.versions.get",
     "artifactregistry.versions.list",
-    "compute.globalOperations.get",
     "compute.images.get",
     "compute.images.list",
     "compute.images.useReadOnly",
     "compute.instances.get",
     "compute.instances.getGuestAttributes",
     "compute.instances.list",
-    "compute.regionOperations.get",
-    "compute.zoneOperations.get",
     "compute.zones.get",
     "compute.zones.list",
     "containeranalysis.notes.attachOccurrence",
diff --git a/roles/compute.serviceAgent b/roles/compute.serviceAgent
@@ -10,7 +10,6 @@
     "compute.disks.setLabels",
     "compute.disks.use",
     "compute.disks.useReadOnly",
-    "compute.globalOperations.get",
     "compute.images.useReadOnly",
     "compute.instanceGroupManagers.get",
     "compute.instanceTemplates.useReadOnly",
@@ -25,12 +24,10 @@
     "compute.machineImages.useReadOnly",
     "compute.networks.use",
     "compute.networks.useExternalIp",
-    "compute.regionOperations.get",
     "compute.resourcePolicies.use",
     "compute.snapshots.useReadOnly",
     "compute.subnetworks.use",
     "compute.subnetworks.useExternalIp",
-    "compute.zoneOperations.get",
     "iam.serviceAccounts.actAs",
     "iam.serviceAccounts.getAccessToken",
     "iam.serviceAccounts.getOpenIdToken",
diff --git a/roles/datastream.bigqueryWriter b/roles/datastream.bigqueryWriter
diff --git a/roles/developerconnect.insightsAdmin b/roles/developerconnect.insightsAdmin
diff --git a/roles/developerconnect.insightsAgent b/roles/developerconnect.insightsAgent
diff --git a/roles/developerconnect.insightsViewer b/roles/developerconnect.insightsViewer
diff --git a/roles/discoveryengine.user b/roles/discoveryengine.user
@@ -18,7 +18,6 @@
     "discoveryengine.dataConnectors.checkRefreshToken",
     "discoveryengine.dataConnectors.executeAction",
     "discoveryengine.dataConnectors.queryAvailableActions",
-    "discoveryengine.engines.get",
     "discoveryengine.notebooks.create",
     "discoveryengine.notebooks.list",
     "discoveryengine.servingConfigs.answer",
diff --git a/roles/documentai.admin b/roles/documentai.admin
@@ -4,7 +4,9 @@
   "includedPermissions": [
     "documentai.dataLabelingJobs.cancel",
     "documentai.dataLabelingJobs.create",
+    "documentai.dataLabelingJobs.delete",
     "documentai.dataLabelingJobs.list",
+    "documentai.dataLabelingJobs.update",
     "documentai.datasetSchemas.get",
     "documentai.datasetSchemas.update",
     "documentai.datasets.createDocuments",
@@ -25,6 +27,7 @@
     "documentai.labelerPools.delete",
     "documentai.labelerPools.get",
     "documentai.labelerPools.list",
+    "documentai.labelerPools.update",
     "documentai.locations.get",
     "documentai.locations.list",
     "documentai.operations.getLegacy",
diff --git a/roles/documentai.editor b/roles/documentai.editor
@@ -4,7 +4,9 @@
   "includedPermissions": [
     "documentai.dataLabelingJobs.cancel",
     "documentai.dataLabelingJobs.create",
+    "documentai.dataLabelingJobs.delete",
     "documentai.dataLabelingJobs.list",
+    "documentai.dataLabelingJobs.update",
     "documentai.datasetSchemas.get",
     "documentai.datasetSchemas.update",
     "documentai.datasets.createDocuments",
@@ -25,6 +27,7 @@
     "documentai.labelerPools.delete",
     "documentai.labelerPools.get",
     "documentai.labelerPools.list",
+    "documentai.labelerPools.update",
     "documentai.locations.get",
     "documentai.locations.list",
     "documentai.operations.getLegacy",
diff --git a/roles/editor b/roles/editor
@@ -1875,10 +1875,6 @@
     "chronicle.instances.permitFederationAccess",
     "chronicle.instances.report",
     "chronicle.instances.verifyNonce",
-    "chronicle.iocAssociations.batchGet",
-    "chronicle.iocAssociations.fetchRelatedIocAssociations",
-    "chronicle.iocAssociations.fetchRelatedThreatCollections",
-    "chronicle.iocAssociations.get",
     "chronicle.iocMatches.get",
     "chronicle.iocMatches.list",
     "chronicle.iocState.get",
@@ -1973,10 +1969,6 @@
     "chronicle.searchQueries.get",
     "chronicle.searchQueries.list",
     "chronicle.searchQueries.update",
-    "chronicle.threatCollections.fetchIocMatchMetadata",
-    "chronicle.threatCollections.fetchRuleMetadata",
-    "chronicle.threatCollections.get",
-    "chronicle.threatCollections.list",
     "chronicle.watchlists.get",
     "chronicle.watchlists.list",
     "chroniclesm.gcpAssociations.get",
@@ -2291,6 +2283,7 @@
     "clouddeploy.operations.list",
     "clouddeploy.releases.abandon",
     "clouddeploy.releases.create",
+    "clouddeploy.releases.delete",
     "clouddeploy.releases.get",
     "clouddeploy.releases.list",
     "clouddeploy.rollouts.advance",
@@ -5626,7 +5619,9 @@
     "dns.responsePolicyRules.update",
     "documentai.dataLabelingJobs.cancel",
     "documentai.dataLabelingJobs.create",
+    "documentai.dataLabelingJobs.delete",
     "documentai.dataLabelingJobs.list",
+    "documentai.dataLabelingJobs.update",
     "documentai.datasetSchemas.get",
     "documentai.datasetSchemas.update",
     "documentai.datasets.createDocuments",
@@ -5647,6 +5642,7 @@
     "documentai.labelerPools.delete",
     "documentai.labelerPools.get",
     "documentai.labelerPools.list",
+    "documentai.labelerPools.update",
     "documentai.locations.get",
     "documentai.locations.list",
     "documentai.operations.getLegacy",
@@ -6599,9 +6595,6 @@
     "iam.principalaccessboundarypolicies.searchPolicyBindings",
     "iam.roles.get",
     "iam.roles.list",
-    "iam.serviceAccountApiKeyBindings.create",
-    "iam.serviceAccountApiKeyBindings.delete",
-    "iam.serviceAccountApiKeyBindings.undelete",
     "iam.serviceAccountKeys.create",
     "iam.serviceAccountKeys.delete",
     "iam.serviceAccountKeys.disable",
diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin
@@ -483,6 +483,7 @@
     "chronicle.ruleExecutionErrors.list",
     "chronicle.rules.list",
     "chronicle.searchQueries.list",
+    "chronicle.threatCollections.list",
     "chronicle.validationErrors.list",
     "chronicle.watchlists.list",
     "chroniclesm.gcpAssociations.list",
diff --git a/roles/iam.serviceAccountApiKeyBindingAdmin b/roles/iam.serviceAccountApiKeyBindingAdmin
@@ -1,11 +1,6 @@
 {
   "description": "Create and delete service account API Key bindings",
   "etag": "AA==",
-  "includedPermissions": [
-    "iam.serviceAccountApiKeyBindings.create",
-    "iam.serviceAccountApiKeyBindings.delete",
-    "iam.serviceAccountApiKeyBindings.undelete"
-  ],
   "name": "roles/iam.serviceAccountApiKeyBindingAdmin",
   "stage": "GA",
   "title": "Service Account API Key Binding Admin"
diff --git a/roles/observability.analyticsUser b/roles/observability.analyticsUser
@@ -2,9 +2,6 @@
   "description": "Grants permissions to use Cloud Observability Analytics.",
   "etag": "AA==",
   "includedPermissions": [
-    "logging.queries.getShared",
-    "logging.queries.listShared",
-    "logging.queries.usePrivate",
     "observability.analyticsViews.create",
     "observability.analyticsViews.delete",
     "observability.analyticsViews.get",
diff --git a/roles/securitycenter.serviceAgent b/roles/securitycenter.serviceAgent
@@ -584,6 +584,8 @@
     "compute.instances.list",
     "compute.networkEndpointGroups.get",
     "compute.projects.get",
+    "compute.regionOperations.get",
+    "compute.zoneOperations.get",
     "container.clusters.get",
     "iam.denypolicies.get",
     "iam.denypolicies.list",
