Policy Intelligence release notes

This page documents production updates to Policy Intelligence. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

December 16, 2024

You can use Policy Simulator for principal access boundary policies to simulate changes to principal access boundary policies before you apply them. This feature is available in Preview.

December 11, 2024

You can use Policy Simulator for deny policies to simulate changes to deny policies before you apply them. This feature is available in Preview.

August 15, 2024

The IAM recommender generates policy insights and role recommendations for the following identities:

  • All identities in a workload identity pool
  • Single identity in a workload identity pool
  • All identities in a workforce identity pool
  • Single identity in a workforce identity pool
  • All Google Kubernetes Engine Pods that use a specific Kubernetes service account

To learn more, see Availability. This feature is generally available.

July 03, 2024

You can use Policy Troubleshooter to troubleshoot principal access boundary policies. This feature is available in Preview.

May 31, 2024

Activity Analyzer checks service activation and quota for the project that you're using to analyze access (the client project) instead of the projects whose resources you're analyzing (the resource projects). As a result, you only need to enable the Policy Analyzer API in your client project, not in your resource projects.

May 17, 2024

The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools. To learn more, see Availability. This feature is available in Preview.

During Preview, the actual observation period might be shorter than the observation period listed in recommendations for these principals.

May 03, 2024

Some Policy Intelligence features are only available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.

April 01, 2024

Policy Troubleshooter for IAM currently doesn't fetch tags for regional resources, such as Google Kubernetes Engine (GKE) clusters. As a result, if you have IAM policies with tag-based conditions and you try to use Policy Troubleshooter to troubleshoot access to regional resources, you might get inaccurate results. Our engineering team is working to resolve this issue.

February 26, 2024

The IAM recommender offers role recommendations for BigQuery datasets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.

January 12, 2024

The requirement that customers have organization-level activations of Security Command Center to use certain Policy Intelligence features has been delayed until April 29, 2024. For more information about which features are affected by this change, see Billing questions.

November 07, 2023

You can use the Google Cloud console to analyze organization policies. This feature is available in Preview.

September 28, 2023

After January 15, 2024, some Policy Intelligence features will only be available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.

Using Policy Troubleshooter to troubleshoot deny policies is generally available.

July 05, 2023

You can use Policy Troubleshooter to troubleshoot deny policies. This feature is in Preview.

January 24, 2023

Configurable IAM recommendations are now generally available. With configurable IAM recommendations, you can set the minimum observation period for the IAM recommender to 30 or 60 days instead of the default period of 90 days.

December 12, 2022

You can now use the Google Cloud console to write IAM policy analysis results to BigQuery. This feature is generally available.

December 05, 2022

You can now set the minimum observation period for the IAM recommender to 30 or 60 days instead of the default period of 90 days. For more information, see Configure role recommendation generation. This feature is available in Preview.

November 18, 2022

Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.

November 10, 2022

Role recommendations and policy insights for Cloud Storage buckets are now generally available. Additionally, you can now use the Google Cloud console to review bucket-level role recommendations and policy insights.

August 30, 2022

The user interface for Policy Troubleshooter in the Cloud console has been updated to improve usability. To view the new user interface, visit the Policy Troubleshooter page in the Cloud console.

July 08, 2022

Recommender now offers role recommendations for Cloud Storage buckets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.

July 01, 2022

Lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project, are now generally available.

June 27, 2022

In the Cloud console, Policy Troubleshooter for IAM allow policies now reports if there are deny policies that could affect a principal's access.