Oct Recap: New and Newly Deniable GCP Privileged Permissions

As October 2025 wraps up, Sonrai’s latest analysis of Google Cloud Platform permissions reveals both newly introduced privileged actions and those that have become newly enforceable through the V2 API, meaning organizations can now explicitly deny their use. This month’s updates span Discovery Engine, Cloud Integrations, and Backup and Disaster Recovery, reflecting how GCP continues to expand both its automation and data management capabilities.
From permissions that enable identity remapping and IAM policy manipulation to those that alter authentication configurations, certificates, and backup protections, these updates highlight how small configuration shifts can have major security implications. Collectively, they underscore the importance of monitoring emerging privileges and taking advantage of new deny policy capabilities to prevent privilege escalation, persistence, and data loss before they occur.

Existing Services with New Privileged Permissions (or new to V2)
Discovery Engine
Service Type: Data and Analytics
Permission: discoveryengine.googleapis.com/notebooks.setIamPolicy

Action: Grants permission to set or modify IAM policies on Discovery Engine notebooks
Mitre Tactic: Privilege Escalation
Why it’s privileged: Allows assigning NotebookLM access to attacker-controlled accounts or roles, enabling privilege escalation.

Permission: discoveryengine.googleapis.com/identityMappingStores.importIdentityMappings

Action: Imports a list of Identity Mapping Entries to an Identity Mapping Store
Mitre Tactic: Privilege Escalation
Why it’s privileged: Mapping Stores contain mappings of external identities to GCP users/groups, enabling fine-grained access controls on custom VertexAI data sources. By remapping external identities to different GCP users/groups, attacker-controlled external identities could be granted access to any data governed by those mappings.

Permission: discoveryengine.googleapis.com/dataConnectors.executeAction

Action: Executes a third-party action using the DataConnector
Mitre Tactic: Execution
Why it’s privileged: Lets a caller trigger external integrations or action invocations (including FHIR/health workflows), which can run code, move or expose sensitive data, or cause changes in connected systems.

Cloud Integrations
Service Type: Process Automation and Integration
Permission: integrations.googleapis.com/templates.share

Action: Shares templates across projects or organizations
Mitre Tactic: Lateral Movement
Why it’s privileged: Allows exposure of templates containing logic that can access or invoke sensitive systems, enabling misuse for data access or destructive actions.

Permission: integrations.googleapis.com/templates.update

Action: Grants permission to update integration templates
Mitre Tactic: Execution
Why it’s privileged: Allows modification of templates that can execute code or access sensitive services, enabling unauthorized actions or data exposure the next time the template is used.

Permission: integrations.googleapis.com/authConfigs.delete

Action: Grants permission to delete authentication configurations
Mitre Tactic: Impact
Why it’s privileged: Allows removal of auth configs, potentially disabling integrations or breaking secure connections.

Permission: integrations.googleapis.com/certificates.update

Action: Grants permission to update authentication configurations
Mitre Tactic: Persistence
Why it’s privileged: Enables replacement of trusted certificates, allowing an attacker to maintain long-term access or intercept secure connections.

Permission: integrations.googleapis.com/certificates.create

Action: Grants permission to create or upload integration certificates used by integrations
Mitre Tactic: Persistence
Why it’s privileged: Lets an actor add trusted TLS identities or certs, enabling long-lived authenticated connections or impersonation of services for persistent access.

Permission: integrations.googleapis.com/securityIntegrationVers.update

Action: Grants permission to update security integration versions
Mitre Tactic: Defense Evasion
Why it’s privileged: Allows modification of security integrations, potentially disabling or altering defenses to evade detection.

Permission: integrations.googleapis.com/authConfigs.create

Action: Grants permission to create authentication configuration records with encrypted credentials
Mitre Tactic: Persistence
Why it’s privileged: Allows creation of new auth configs with valid credentials, enabling attackers to establish persistent authenticated access.

Permission: integrations.googleapis.com/authConfigs.update

Action: Grants permission to update existing authentication configurations
Mitre Tactic: Persistence
Why it’s privileged: Allows modification of stored credentials or tokens, enabling sustained unauthorized access.

Backup and Disaster Recovery
Service Type: Archival, Backup and Recovery
Permission: backupdr.googleapis.com/managementServers.setIamPolicy

Action: Grants permission to set or modify IAM policies on Backup and DR management servers
Mitre Tactic: Privilege Escalation
Why it’s privileged: Enables granting admin or management access to attacker-controlled principals, escalating privileges far enough to enumerate assured workloads or delete backup and disaster recovery monitoring infrastructure.

Permission: backupdr.googleapis.com/bvbackups.update

Action: Grants permission to modify backup records or configurations for BV backups
Mitre Tactic: Impact
Why it’s privileged: Allows altering backup contents, retention, destinations, or encryption settings — enabling data tampering, destruction, or unauthorized restore access.

Permission: backupdr.googleapis.com/backupVaults.update

Action: Grants permission to modify configuration settings for a Backup Vault
Mitre Tactic: Impact
Why it’s privileged: Enables altering vault policies, encryption, or retention settings, which can lead to data loss, tampering, or disruption of backup integrity.

Permission: backupdr.googleapis.com/backupPlanAssociations.updateForComputeInstance

Action: Grants permission to update backup plan associations for Compute Engine instances
Mitre Tactic: Impact
Why it’s privileged: Allows modifying which instances are protected or excluded from backups, enabling attackers to remove coverage and prevent recovery after compromise.

Permission: backupdr.googleapis.com/backupPlanAssociations.deleteForComputeInstance

Action: Grants permission to delete backup plan associations for Compute Engine instances
Mitre Tactic: Impact
Why it’s privileged: Allows removal of backup protections from instances, exposing them to irreversible data loss or preventing recovery after an attack.
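
Because every permission above is listed in the service.googleapis.com/resource.verb form that IAM v2 deny policies require, they can be blocked in one policy. The script below is an added example, not Sonrai's code or Google's: it assembles a deny policy that blocks all sixteen permissions for every principal except an assumed break-glass group, rejects any permission name not in the deniable format, and prints the gcloud command that attaches the policy to a project (project ID, group address and file name are placeholders).

```python
# Added example, not Sonrai's code: build an IAM v2 deny policy for the recap permissions.
import json
import re

# Permissions from the recap, in the service.googleapis.com/resource.verb form that
# deny policies require; v1-style "service.resource.verb" names are rejected below.
RECAP_PERMISSIONS = [
    "discoveryengine.googleapis.com/notebooks.setIamPolicy",
    "discoveryengine.googleapis.com/identityMappingStores.importIdentityMappings",
    "discoveryengine.googleapis.com/dataConnectors.executeAction",
    "integrations.googleapis.com/templates.share",
    "integrations.googleapis.com/templates.update",
    "integrations.googleapis.com/authConfigs.delete",
    "integrations.googleapis.com/certificates.update",
    "integrations.googleapis.com/certificates.create",
    "integrations.googleapis.com/securityIntegrationVers.update",
    "integrations.googleapis.com/authConfigs.create",
    "integrations.googleapis.com/authConfigs.update",
    "backupdr.googleapis.com/managementServers.setIamPolicy",
    "backupdr.googleapis.com/bvbackups.update",
    "backupdr.googleapis.com/backupVaults.update",
    "backupdr.googleapis.com/backupPlanAssociations.updateForComputeInstance",
    "backupdr.googleapis.com/backupPlanAssociations.deleteForComputeInstance",
]
DENY_FORMAT = re.compile(r"^[a-z][a-z0-9]*\.googleapis\.com/[A-Za-z]+\.[A-Za-z]+$")

def build_deny_policy(permissions, break_glass_group, display_name):
    """Deny the permissions to every principal except the break-glass Google group."""
    bad = [p for p in permissions if not DENY_FORMAT.match(p)]
    if bad:
        raise ValueError(f"not deny-policy permission names: {bad}")
    return {
        "displayName": display_name,
        "rules": [{"denyRule": {
            "deniedPrincipals": ["principalSet://goog/public:all"],
            "exceptionPrincipals": [f"principalSet://goog/group/{break_glass_group}"],
            "deniedPermissions": sorted(set(permissions)),
        }}],
    }

def gcloud_create_command(policy_id, project_id, policy_file):
    """gcloud invocation that attaches the policy file at the project level."""
    attachment = f"cloudresourcemanager.googleapis.com%2Fprojects%2F{project_id}"
    return (f"gcloud iam policies create {policy_id} --kind=denypolicies "
            f"--attachment-point={attachment} --policy-file={policy_file}")

if __name__ == "__main__":  # project, group and file names are placeholders
    policy = build_deny_policy(RECAP_PERMISSIONS, "breakglass@example.com", "Oct 2025 recap")
    print(json.dumps(policy, indent=2))
    print(gcloud_create_command("deny-oct-2025-privileged", "my-project", "deny-policy.json"))
```

Redirect the printed JSON to deny-policy.json before running the printed gcloud command; to cover a whole organization, replace the projects attachment point with cloudresourcemanager.googleapis.com%2Forganizations%2FORG_ID.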

Conclusion
As GCP continues to evolve its services and expand the capabilities of its APIs, the scope and impact of privileged permissions grow alongside it. The addition of new permissions and the introduction of V2 support both increase control and introduce new complexity for security teams. Permissions that grant control over IAM policies, authentication, and backup configurations can quickly shift the balance between operational efficiency and exposure.
Sonrai Security’s Cloud Permissions Firewall helps organizations stay ahead of this change by continuously identifying new and newly controllable privileges, mapping them to MITRE ATT&CK tactics, and enforcing least privilege across multi-cloud environments. As GCP broadens its privilege model, visibility and control remain essential to preventing escalation, persistence, and data compromise.

*** This is a Security Bloggers Network syndicated blog from Sonrai | Enterprise Cloud Security Platform authored by Adeel Nazar. Read the original post at: https://sonraisecurity.com/blog/oct-25-recap-new-and-newly-deniable-gcp-privileged-permissions/
