diff --git a/google/appengine/legacy/audit_data.proto b/google/appengine/legacy/audit_data.proto
new file mode 100644
index 00000000..75c2a9b2
--- /dev/null
+++ b/google/appengine/legacy/audit_data.proto
@@ -0,0 +1,34 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.appengine.legacy;
+
+option go_package = "google.golang.org/genproto/googleapis/appengine/legacy;legacy";
+option java_multiple_files = true;
+option java_outer_classname = "AuditDataProto";
+option java_package = "com.google.appengine.legacy";
+
+
+// Admin Console legacy audit log.
+message AuditData {
+  // Text description of the admin event.
+  // This is the "Event" column in Admin Console's Admin Logs.
+  string event_message = 1;
+
+  // Arbitrary event data.
+  // This is the "Result" column in Admin Console's Admin Logs.
+  map<string, string> event_data = 2;
+}
diff --git a/google/iam/v1/policy.proto b/google/iam/v1/policy.proto
index 10011575..a09b5443 100644
--- a/google/iam/v1/policy.proto
+++ b/google/iam/v1/policy.proto
@@ -111,3 +111,39 @@ message Binding {
   //
   repeated string members = 2;
 }
+
+// The difference delta between two policies.
+message PolicyDelta {
+  // The delta for Bindings between two policies.
+  repeated BindingDelta binding_deltas = 1;
+}
+
+// One delta entry for Binding. Each individual change (only one member in each
+// entry) to a binding will be a separate entry.
+message BindingDelta {
+  // The type of action performed on a Binding in a policy.
+  enum Action {
+    // Unspecified.
+    ACTION_UNSPECIFIED = 0;
+
+    // Addition of a Binding.
+    ADD = 1;
+
+    // Removal of a Binding.
+    REMOVE = 2;
+  }
+
+  // The action that was performed on a Binding.
+  // Required
+  Action action = 1;
+
+  // Role that is assigned to `members`.
+  // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+  // Required
+  string role = 2;
+
+  // A single identity requesting access for a Cloud Platform resource.
+  // Follows the same format of Binding.members.
+  // Required
+  string member = 3;
+}