Google Security Operations lets you create groups of users and assign different permission levels to various modules.
The platform includes seven predefined permission groups:
Readers
Admins
Basic
View-Only
Collaborators
Managed User
Managed-Plus User
The built-in administrator group automatically has edit access to all environments,
letting its members view data from every environment in the system.
When you create a new permission group, carefully consider whether to grant edit
access to all environments.
Edit a permission group
To edit an existing permission group, follow these steps:
Go to Settings > Organizations > Permissions.
Select the permission group you want to edit.
Each module appears with a toggle to grant or deny a user access:
If the toggle is turned on, configure permissions for each feature you want to enable.
If the toggle is turned off, the module doesn't appear.
When finished, click Save.
Add a new permission group
To add a new permission group, follow these steps:
Go to Settings>Organizations>Permissions.
Click Add Permission Group.
Complete the following areas on the screen:
Your cursor is automatically placed next to the title of New
Group. Delete the words New Group and enter your own name for the new
Group. For example, Tier One.
From the list, select the License Type you want.
Select the Landing Page that you want this User Group to be directed to when they first sign in.
Select the permissions you want for each module.
When finished, click Save; the new permission group is added to the list. Note that at any time, you
can make changes and click Save again. To simplify editing, click
content_copy
Duplicate to create a copy of the permission group.
Restrict Actions
You can apply Restrict Actions to a permission group to prevent access to certain types
of actions. For example, as a Managed Security Service Provider (MSSP), you might
have separate SOC Manager groups for separate environments.
In Settings > Organizations > Permissions, select the permission group to prevent access.
In the Restrict Actions section, click addAdd, and select the actions to restrict for this permission group.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-07 UTC."],[[["\u003cp\u003eGoogle Security Operations enables the creation of user groups with varying permission levels for different modules.\u003c/p\u003e\n"],["\u003cp\u003eThere are seven predefined permission groups, including Readers, Admins, and Collaborators, each with specific access rights.\u003c/p\u003e\n"],["\u003cp\u003eExisting permission groups can be edited by toggling feature access on or off and adjusting specific permissions for each feature, then saving the changes.\u003c/p\u003e\n"],["\u003cp\u003eNew permission groups can be created by navigating to the Permissions section, adding a new group, defining its user type and landing page, and configuring module permissions before saving.\u003c/p\u003e\n"],["\u003cp\u003eRestrictions can be implemented to prevent specific permission groups from performing certain actions, enhancing security control.\u003c/p\u003e\n"]]],[],null,["Manage permission groups \nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n**Note:** If you've migrated to Google Cloud, this page is replaced by IAM permissions. For more information, see [Migrate to Google Cloud](/chronicle/docs/soar/admin-tasks/advanced/migrate-to-gcp). \nGoogle Security Operations lets you create groups of users and assign different permission levels to various modules. \n\nThe platform includes seven predefined permission groups:\n\n- Readers\n- Admins\n- Basic\n- View-Only\n- Collaborators\n- Managed User\n- Managed-Plus User\n\nThe built-in administrator group automatically has edit access to all environments,\nletting its members view data from every environment in the system.\nWhen you create a new permission group, carefully consider whether to grant edit\naccess to all environments.\n\nEdit a permission group\n\nTo edit an existing permission group, follow these steps:\n\n1. Go to **Settings \\\u003e Organizations \\\u003e Permissions**.\n2. Select the permission group you want to edit.\n3. Each module appears with a toggle to grant or deny a user access:\n - If the toggle is turned on, configure permissions for each feature you want to enable.\n - If the toggle is turned off, the module doesn't appear.\n4. When finished, click **Save**.\n\nAdd a new permission group\n\nTo add a new permission group, follow these steps:\n\n1. Go to **Settings** \\\u003e **Organizations** \\\u003e **Permissions**.\n2. Click **Add Permission Group**.\n3. Complete the following areas on the screen:\n 1. Your cursor is automatically placed next to the title of New Group. Delete the words New Group and enter your own name for the new Group. For example, Tier One.\n 2. From the list, select the License Type you want. \n 3. Select the Landing Page that you want this User Group to be directed to when they first sign in.\n 4. Select the permissions you want for each module.\n4. When finished, click **Save** ; the new permission group is added to the list. Note that at any time, you can make changes and click **Save** again. To simplify editing, click content_copy **Duplicate** to create a copy of the permission group. \n\nRestrict Actions\n\nYou can apply Restrict Actions to a permission group to prevent access to certain types\nof actions. For example, as a Managed Security Service Provider (MSSP), you might\nhave separate SOC Manager groups for separate environments.\n\n1. In **Settings \\\u003e Organizations \\\u003e Permissions**, select the permission group to prevent access.\n2. In the **Restrict Actions** section, click add **Add**, and select the actions to restrict for this permission group.\n3. Click **Add** \\\u003e **Save** . \n\nLearn how to [control access to the platform](/chronicle/docs/soar/admin-tasks/\nadvanced/control-access-to-platform).vv.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
