services / Google Cloud / Compute Engine managed instances
Create and alter managed instances.
Allows access to general core VM infrastructure, which can support a broad array of organizational functions. Note that the terms "instance" and "VM" are interchangeable within the compute engine documentation, although may have semantic differences within these privileges.
compute.instances.setShieldedInstanceIntegrityPolicy
Resets the baseline for monitoring instance integrity, allowing an attacker to evade detection. The instance must be running.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog