[Action Advised] Review IAM new permissions for multiple Google Cloud services

Role capabilities improvements for multiple Google Cloud services starting Mar 29, 2026.

MY CONSOLE   Hello vv, We’re writing to inform you about upcoming enhancements to several Identity and Access Management (IAM) roles for multiple Google Cloud services. To provide you with more standardized control and access to new and existing features, we are adding new permissions to the predefined roles listed below. These changes will take effect on March 29, 2026. We’ve provided additional details below to help you understand these changes and take any necessary actions. What you need to know We’re adding new permissions to ensure role definitions remain consistent and easy to understand. With this change, you can expect the roles to behave as follows: {Service} Admin: This role provides full access to all operations provided by this service {Service} Editor: This role provides the ability to create, modify, delete, view, and use all types of resources for this service. It will not include the ability to manage security policies. {Service} Viewer: This role provides read-only access to the resources and their configuration properties Key changes: To ensure standardized roles, new permissions will be added to the specified IAM roles for multiple services. To review the full list of changes, please visit the Permissions documentation. Potential impact: The new permissions will extend the capabilities of existing roles and will not break functionality. Your current service usage and role grants will not be affected. Principals (users, service accounts) granted these roles will automatically gain the new permissions on March 29 , 2026. What you need to do Action advised: Review the new permissions granted to your principals based on updated role changes. Review your policies where the changed roles are applied, and verify that the additional permissions are acceptable for granting to the users, groups or service accounts defined in the policy bindings. If the changes are acceptable, no action is required on your part. Depending on your security needs, you can choose to not grant these permissions to your users by creating a custom role with the specific permissions you wish to grant, or by using an IAM Deny policy to deny specific permissions. How to define a custom role How to use IAM Deny policies Impacted customers/accounts: Your affected projects are listed below: bq2409 We’re here to help We understand that these changes may require some planning and we are here to support you. For full details on the updated roles and permissions, please refer to the following documentation pages: Service IAM Roles and Permissions Overview IAM roles and permissions reference If you have any questions or require assistance, please contact Google Cloud Support. Thanks for choosing Google Cloud. – The Google Cloud Team DOCUMENTATION SUPPORT

Was this information helpful?         © 2026 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 You’ve received this mandatory service announcement to update you about important changes to Google Cloud or your account.