Created
February 9, 2021 02:21
-
-
Save jessesomerville/0b3ef57457265887655970328efbdea4 to your computer and use it in GitHub Desktop.
Permissions granted to GCP's Owner role that are not granted to the Editor role (as of 2021-02-08)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| accessapproval.requests.approve | |
| accessapproval.requests.dismiss | |
| accessapproval.settings.delete | |
| accessapproval.settings.update | |
| accesscontextmanager.accessPolicies.setIamPolicy | |
| accesscontextmanager.policies.setIamPolicy | |
| apigateway.apiconfigs.setIamPolicy | |
| apigateway.apis.setIamPolicy | |
| apigateway.gateways.setIamPolicy | |
| apigee.environments.setIamPolicy | |
| appengine.applications.create | |
| appengine.versions.getFileContents | |
| artifactregistry.repositories.setIamPolicy | |
| automl.datasets.setIamPolicy | |
| automl.locations.setIamPolicy | |
| automl.models.setIamPolicy | |
| automlrecommendations.events.purge | |
| automlrecommendations.events.rejoin | |
| automlrecommendations.placements.delete | |
| autoscaling.sites.setIamPolicy | |
| bigquery.capacityCommitments.create | |
| bigquery.capacityCommitments.delete | |
| bigquery.config.update | |
| bigquery.connections.setIamPolicy | |
| bigquery.datasets.delete | |
| bigquery.datasets.setIamPolicy | |
| bigquery.datasets.update | |
| bigquery.jobs.listAll | |
| bigquery.jobs.update | |
| bigquery.tables.setIamPolicy | |
| bigtable.backups.setIamPolicy | |
| bigtable.instances.setIamPolicy | |
| bigtable.tables.setIamPolicy | |
| binaryauthorization.attestors.setIamPolicy | |
| binaryauthorization.continuousValidationConfig.setIamPolicy | |
| binaryauthorization.policy.setIamPolicy | |
| cloudasset.assets.exportAccessLevel | |
| cloudasset.assets.exportAccessPolicy | |
| cloudasset.assets.exportAllAccessPolicy | |
| cloudasset.assets.exportBigtableCluster | |
| cloudasset.assets.exportBigtableInstance | |
| cloudasset.assets.exportBigtableTable | |
| cloudasset.assets.exportCloudkmsImportJobs | |
| cloudasset.assets.exportComputeGlobalAddress | |
| cloudasset.assets.exportComputeRegionAutoscaler | |
| cloudasset.assets.exportComputeRegionDisk | |
| cloudasset.assets.exportComputeRegionInstanceGroup | |
| cloudasset.assets.exportComputeRegionInstanceGroupManager | |
| cloudasset.assets.exportContainerClusterrole | |
| cloudasset.assets.exportContainerClusterrolebinding | |
| cloudasset.assets.exportContainerNamespace | |
| cloudasset.assets.exportContainerNode | |
| cloudasset.assets.exportContainerNodepool | |
| cloudasset.assets.exportContainerPod | |
| cloudasset.assets.exportContainerRole | |
| cloudasset.assets.exportContainerRolebinding | |
| cloudasset.assets.exportContainerregistryImage | |
| cloudasset.assets.exportDatafusionInstance | |
| cloudasset.assets.exportIamPolicy | |
| cloudasset.assets.exportManagedidentitiesDomain | |
| cloudasset.assets.exportOrgPolicy | |
| cloudasset.assets.exportResource | |
| cloudasset.assets.exportServicePerimeter | |
| cloudasset.feeds.create | |
| cloudasset.feeds.delete | |
| cloudasset.feeds.get | |
| cloudasset.feeds.list | |
| cloudasset.feeds.update | |
| cloudfunctions.functions.setIamPolicy | |
| cloudiot.registries.setIamPolicy | |
| cloudkms.cryptoKeyVersions.destroy | |
| cloudkms.cryptoKeyVersions.restore | |
| cloudkms.cryptoKeyVersions.useToDecrypt | |
| cloudkms.cryptoKeyVersions.useToEncrypt | |
| cloudkms.cryptoKeyVersions.useToSign | |
| cloudkms.cryptoKeyVersions.viewPublicKey | |
| cloudkms.cryptoKeys.setIamPolicy | |
| cloudkms.importJobs.setIamPolicy | |
| cloudkms.keyRings.setIamPolicy | |
| cloudmigration.velostrataendpoints.connect | |
| cloudprivatecatalogproducer.catalogs.setIamPolicy | |
| cloudprivatecatalogproducer.producerCatalogs.setIamPolicy | |
| cloudprivatecatalogproducer.products.setIamPolicy | |
| cloudsupport.accounts.create | |
| cloudsupport.accounts.delete | |
| cloudsupport.accounts.setIamPolicy | |
| cloudtasks.queues.getIamPolicy | |
| cloudtasks.queues.setIamPolicy | |
| compute.disks.setIamPolicy | |
| compute.firewallPolicies.setIamPolicy | |
| compute.globalOperations.setIamPolicy | |
| compute.images.setIamPolicy | |
| compute.instanceTemplates.setIamPolicy | |
| compute.instances.setIamPolicy | |
| compute.licenseCodes.setIamPolicy | |
| compute.licenses.setIamPolicy | |
| compute.machineImages.setIamPolicy | |
| compute.maintenancePolicies.setIamPolicy | |
| compute.networkEndpointGroups.setIamPolicy | |
| compute.nodeGroups.setIamPolicy | |
| compute.nodeTemplates.setIamPolicy | |
| compute.oslogin.updateExternalUser | |
| compute.regionOperations.setIamPolicy | |
| compute.securityPolicies.setIamPolicy | |
| compute.snapshots.setIamPolicy | |
| compute.subnetworks.setIamPolicy | |
| compute.zoneOperations.setIamPolicy | |
| container.certificateSigningRequests.approve | |
| container.clusterRoleBindings.create | |
| container.clusterRoleBindings.delete | |
| container.clusterRoleBindings.update | |
| container.clusterRoles.bind | |
| container.clusterRoles.create | |
| container.clusterRoles.delete | |
| container.clusterRoles.escalate | |
| container.clusterRoles.update | |
| container.localSubjectAccessReviews.create | |
| container.roleBindings.create | |
| container.roleBindings.delete | |
| container.roleBindings.update | |
| container.roles.bind | |
| container.roles.create | |
| container.roles.delete | |
| container.roles.escalate | |
| container.roles.update | |
| container.serviceAccounts.createToken | |
| container.subjectAccessReviews.create | |
| containeranalysis.notes.setIamPolicy | |
| containeranalysis.occurrences.setIamPolicy | |
| datacatalog.categories.setIamPolicy | |
| datacatalog.entries.setIamPolicy | |
| datacatalog.entryGroups.setIamPolicy | |
| datacatalog.tagTemplates.setIamPolicy | |
| datacatalog.taxonomies.create | |
| datacatalog.taxonomies.delete | |
| datacatalog.taxonomies.setIamPolicy | |
| datacatalog.taxonomies.update | |
| datafusion.instances.setIamPolicy | |
| datamigration.connectionprofiles.setIamPolicy | |
| datamigration.migrationjobs.setIamPolicy | |
| dataproc.autoscalingPolicies.setIamPolicy | |
| dataproc.clusters.setIamPolicy | |
| dataproc.jobs.setIamPolicy | |
| dataproc.operations.setIamPolicy | |
| dataproc.workflowTemplates.setIamPolicy | |
| dataprocessing.featurecontrols.update | |
| dataprocessing.groupcontrols.update | |
| datastore.databases.create | |
| datastore.databases.delete | |
| datastore.databases.export | |
| datastore.databases.import | |
| datastore.databases.setIamPolicy | |
| datastore.locations.get | |
| datastore.locations.list | |
| datastore.namespaces.setIamPolicy | |
| datastore.operations.cancel | |
| datastore.operations.delete | |
| datastore.operations.get | |
| datastore.operations.list | |
| deploymentmanager.deployments.getIamPolicy | |
| deploymentmanager.deployments.setIamPolicy | |
| dlp.kms.encrypt | |
| dns.policies.getIamPolicy | |
| dns.policies.setIamPolicy | |
| domains.registrations.setIamPolicy | |
| earlyaccesscenter.campaigns.enroll | |
| earthengine.assets.setIamPolicy | |
| eventarc.events.receiveAuditLogWritten | |
| eventarc.triggers.setIamPolicy | |
| firebase.billingPlans.update | |
| firebase.links.create | |
| firebase.links.delete | |
| firebase.links.update | |
| firebase.projects.delete | |
| firebasedynamiclinks.destinations.update | |
| firebasedynamiclinks.domains.delete | |
| firebaseextensions.configs.create | |
| firebaseextensions.configs.delete | |
| firebaseextensions.configs.update | |
| genomics.datasets.getIamPolicy | |
| genomics.datasets.setIamPolicy | |
| gkehub.endpoints.connect | |
| gkehub.features.setIamPolicy | |
| gkehub.gateway.setIamPolicy | |
| gkehub.memberships.setIamPolicy | |
| healthcare.annotationStores.setIamPolicy | |
| healthcare.consentStores.setIamPolicy | |
| healthcare.datasets.setIamPolicy | |
| healthcare.dicomStores.setIamPolicy | |
| healthcare.fhirStores.setIamPolicy | |
| healthcare.hl7V2Stores.setIamPolicy | |
| iam.roles.create | |
| iam.roles.delete | |
| iam.roles.undelete | |
| iam.roles.update | |
| iam.serviceAccounts.setIamPolicy | |
| iam.serviceAccounts.undelete | |
| iap.tunnel.getIamPolicy | |
| iap.tunnel.setIamPolicy | |
| iap.tunnelInstances.accessViaIAP | |
| iap.tunnelInstances.getIamPolicy | |
| iap.tunnelInstances.setIamPolicy | |
| iap.tunnelZones.getIamPolicy | |
| iap.tunnelZones.setIamPolicy | |
| iap.web.getIamPolicy | |
| iap.web.setIamPolicy | |
| iap.webServiceVersions.getIamPolicy | |
| iap.webServiceVersions.setIamPolicy | |
| iap.webServices.getIamPolicy | |
| iap.webServices.setIamPolicy | |
| iap.webTypes.getIamPolicy | |
| iap.webTypes.setIamPolicy | |
| logging.buckets.create | |
| logging.buckets.delete | |
| logging.buckets.undelete | |
| logging.buckets.update | |
| logging.exclusions.create | |
| logging.exclusions.delete | |
| logging.exclusions.update | |
| logging.notificationRules.create | |
| logging.notificationRules.delete | |
| logging.notificationRules.update | |
| logging.privateLogEntries.list | |
| logging.sinks.create | |
| logging.sinks.delete | |
| logging.sinks.update | |
| logging.views.access | |
| managedidentities.domains.setIamPolicy | |
| metastore.services.setIamPolicy | |
| ml.jobs.setIamPolicy | |
| ml.models.setIamPolicy | |
| ml.studies.setIamPolicy | |
| monitoring.notificationChannels.getVerificationCode | |
| networkmanagement.connectivitytests.setIamPolicy | |
| networksecurity.authorizationPolicies.setIamPolicy | |
| networksecurity.clientTlsPolicies.setIamPolicy | |
| networksecurity.serverTlsPolicies.setIamPolicy | |
| networkservices.endpointConfigSelectors.setIamPolicy | |
| networkservices.httpFilters.setIamPolicy | |
| networkservices.httpfilters.setIamPolicy | |
| notebooks.environments.setIamPolicy | |
| notebooks.instances.setIamPolicy | |
| privateca.certificateAuthorities.setIamPolicy | |
| privateca.certificateRevocationLists.setIamPolicy | |
| privateca.certificates.setIamPolicy | |
| privateca.reusableConfigs.setIamPolicy | |
| proximitybeacon.beacons.getIamPolicy | |
| proximitybeacon.beacons.setIamPolicy | |
| proximitybeacon.namespaces.getIamPolicy | |
| proximitybeacon.namespaces.setIamPolicy | |
| pubsub.snapshots.getIamPolicy | |
| pubsub.snapshots.setIamPolicy | |
| pubsub.subscriptions.getIamPolicy | |
| pubsub.subscriptions.setIamPolicy | |
| pubsub.topics.getIamPolicy | |
| pubsub.topics.setIamPolicy | |
| remotebuildexecution.instances.delete | |
| remotebuildexecution.workerpools.delete | |
| resourcemanager.projects.createBillingAssignment | |
| resourcemanager.projects.delete | |
| resourcemanager.projects.deleteBillingAssignment | |
| resourcemanager.projects.setIamPolicy | |
| resourcemanager.projects.undelete | |
| resourcemanager.projects.updateLiens | |
| run.services.setIamPolicy | |
| runtimeconfig.configs.getIamPolicy | |
| runtimeconfig.configs.setIamPolicy | |
| runtimeconfig.variables.getIamPolicy | |
| runtimeconfig.variables.setIamPolicy | |
| runtimeconfig.waiters.getIamPolicy | |
| runtimeconfig.waiters.setIamPolicy | |
| secretmanager.secrets.setIamPolicy | |
| secretmanager.versions.access | |
| securitycenter.sources.setIamPolicy | |
| servicebroker.bindings.setIamPolicy | |
| servicebroker.catalogs.setIamPolicy | |
| servicebroker.catalogs.validate | |
| servicebroker.instances.setIamPolicy | |
| servicedirectory.endpoints.setIamPolicy | |
| servicedirectory.namespaces.setIamPolicy | |
| servicedirectory.services.setIamPolicy | |
| servicemanagement.consumerSettings.getIamPolicy | |
| servicemanagement.consumerSettings.setIamPolicy | |
| servicemanagement.services.getIamPolicy | |
| servicemanagement.services.setIamPolicy | |
| servicenetworking.services.addPeering | |
| source.repos.create | |
| source.repos.delete | |
| source.repos.getProjectConfig | |
| source.repos.setIamPolicy | |
| source.repos.updateProjectConfig | |
| source.repos.updateRepoConfig | |
| spanner.backups.setIamPolicy | |
| spanner.databases.setIamPolicy | |
| spanner.instances.setIamPolicy | |
| stackdriver.projects.edit | |
| threatdetection.detectorSettings.clear | |
| threatdetection.detectorSettings.get | |
| threatdetection.detectorSettings.update | |
| threatdetection.sinkSettings.get | |
| threatdetection.sinkSettings.update | |
| threatdetection.sourceSettings.get | |
| threatdetection.sourceSettings.update | |
| workflows.workflows.setIamPolicy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment